NSIS-ka
A free C++ implementation of NSIS protocols

Changeset 4485


Ignore:
Timestamp:
Sep 24, 2009, 3:31:37 PM (8 years ago)
Author:
stud-lenk
Message:

Introduce new flag ma_reuse, one in the routingentry for unicast, and one per peer in multicast peer list entry.

Still existing problems:

  • When the Querying Node starts a handshake in D-mode but a peer signals that it wants to re-use the existing MA, the handshake gets completed. But sending data to peers wanting MA re-use fails because it depends on what the Querying Node wanted (C-/D-mode) whether send_data_dmode() or send_data_cmode() is called.

This syncs this branch with trunk (up to r4377).

Location:
ntlp/branches/20090723-multicast
Files:
12 edited

Legend:

Unmodified
Added
Removed
  • ntlp/branches/20090723-multicast

  • ntlp/branches/20090723-multicast/src/Makefile

    r4212 r4485  
    5454#CFLAGS         = --pedantic -O2 -g -Wno-long-long -Wall $(GIST_CXXFLAGS) # development (valgrind)
    5555CFLAGS          = --pedantic -Wno-long-long -Wall $(GIST_CXXFLAGS) -D GIST_VSTR=\"$(GIST_RELEASE)\"
    56 CFLAGS         += -Wno-deprecated -Werror
     56#CFLAGS        += -Wno-deprecated -Werror
    5757
    5858CLINK           = -c -o
  • ntlp/branches/20090723-multicast/src/apiwrapper.cpp

    r4212 r4485  
    10031003                        handle.handle[i] = s.nslp_message_handle[i];
    10041004                }
     1005#else
     1006                handle= 0;
    10051007#endif
    10061008           
  • ntlp/branches/20090723-multicast/src/ntlp_statemodule.h

    r4420 r4485  
    217217
    218218  /// send a GIST Confirm in D-Mode
    219   void send_confirm_dmode(const known_ntlp_pdu* pdu, const routingkey* r_key, routingentry* r_entry);
     219  void send_confirm_dmode(const known_ntlp_pdu* pdu, const routingkey* r_key, routingentry* r_entry, const nli* peer_nli);
    220220       
    221221  /// send a GIST Confirm in C-Mode
    222   bool send_confirm_cmode(const known_ntlp_pdu* pdu, const routingkey* r_key, routingentry* r_entry);
     222  bool send_confirm_cmode(const known_ntlp_pdu* pdu, const routingkey* r_key, routingentry* r_entry, const nli* peer_nli);
    223223
    224224  /// send GIST Data using explicit routing
  • ntlp/branches/20090723-multicast/src/ntlp_statemodule_api.cpp

    r4245 r4485  
    629629      case qn_established:
    630630        {
    631           // if it is set up in D-Mode
    632           if (r_entry->is_dmode())
     631          // if it is set up in D-Mode and MA re-use not requested
     632          // TODO MULTICAST - this DOES NOT work for C-/D-mode-mixed peers:
     633          if (r_entry->is_dmode() && (r_entry->is_ma_reuse_requested() == false))
    633634          {
    634635            // if transfer type is dmode -> OK, send in D-MODE
     
    665666          } // endif D-Mode
    666667          else
    667           { // C-Mode desired
     668          { // C-Mode or MA re-use desired
    668669
    669670            // if transfer type is dmode -> Transfer in C-Mode instead
     
    708709                       
    709710            } // endif set up cmode without security and transfer type is cmode_sec
    710           } // endif C-Mode desired
     711          } // endif C-Mode or MA re-use desired
    711712          break;
    712713        } // end case
  • ntlp/branches/20090723-multicast/src/ntlp_statemodule_data.cpp

    r4462 r4485  
    158158    assert(peer_nli);
    159159
     160    // check for MA reuse
     161    if (r_entry->is_ma_reuse_requested(peer_nli)) {
     162      ERRCLog(param.name, "Peer " << peer_nli->get_if_address() << " << requested MA reuse. We can't handle that right now -- Skip sending data to this peer.");
     163      mcast_peer_it++;
     164      more_peers = (mcast_peer_it != r_entry->get_multicast_peers()->end());
     165      continue;
     166    }
     167
    160168    // set destination address
    161169    peer->set_ip(peer_nli->get_if_address());
     
    352360      mydata=entry->dataqueue[i]->data;   
    353361      // this cannot be explicitly routed, as we would not use C-Mode
    354       if (entry->is_dmode()) {
     362      // TODO MULTICAST: This does not work for C-/D-mode mixed peers
     363      if (entry->is_dmode() && !entry->is_ma_reuse_requested()) {
    355364        send_data_dmode(mydata, key, entry, entry->dataqueue[i]->msghandle);
    356365      }
  • ntlp/branches/20090723-multicast/src/ntlp_statemodule_main.cpp

    r4420 r4485  
    557557          {
    558558                  if (tmpentry->is_dmode())
    559                           send_confirm_dmode(NULL, &tmpkey, tmpentry);
     559                          send_confirm_dmode(NULL, &tmpkey, tmpentry, tmpentry->get_peer_nli());
    560560                  else
    561                           send_confirm_cmode(NULL, &tmpkey, tmpentry);
     561                          send_confirm_cmode(NULL, &tmpkey, tmpentry, tmpentry->get_peer_nli());
    562562          }
    563563        }
  • ntlp/branches/20090723-multicast/src/ntlp_statemodule_querier.cpp

    r4462 r4485  
    466466      if (r_entry->is_dmode())
    467467      {
    468         DLog(param.name, "We wanted D-mode setup, but other side did MA re-use, promoted to setting up in C-Mode");
    469 
    470         r_entry->set_cmode();
    471         // also upgrade to secure mode if MA was secured
    472         if (r_entry->is_secure() == false)
    473                 r_entry->set_secure(cap.is_secure(peer));
     468        DLog(param.name, "We wanted D-mode setup, but other side wants MA re-use.");
     469
     470        r_entry->set_ma_reuse_requested(incoming_pdu->get_nli());
    474471      }     
    475472    }
    476473
    477     if (r_entry->is_dmode())
    478       DLog(param.name, "No request for Connection Mode was issued, setting up in D-Mode");
     474    if ( r_entry->is_dmode() && r_entry->is_ma_reuse_requested(incoming_pdu->get_nli()) )
     475      DLog(param.name, "Connection Mode was not locally requested, setting up in D-Mode");
    479476
    480477    // send confirms/queued data
     
    486483    if (incoming_pdu->get_R())
    487484    {
    488       if (r_entry->is_dmode())
     485      if ( r_entry->is_dmode() && (r_entry->is_ma_reuse_requested(incoming_pdu->get_nli()) == false) )
    489486      {
    490487        DLog(param.name, "Sending back confirm in D-Mode");
    491         send_confirm_dmode(incoming_pdu, r_key, r_entry);
     488        send_confirm_dmode(incoming_pdu, r_key, r_entry, incoming_pdu->get_nli());
    492489      }
    493490      else
     
    496493        {
    497494          DLog(param.name, "Sending back confirm in TLS secured C-Mode");
    498           confirm_success= send_confirm_cmode(incoming_pdu, r_key, r_entry);
     495          confirm_success= send_confirm_cmode(incoming_pdu, r_key, r_entry, incoming_pdu->get_nli());
    499496        }
    500497        else
    501498        {
    502499          DLog(param.name, "Sending back confirm in C-Mode");
    503           confirm_success= send_confirm_cmode(incoming_pdu, r_key, r_entry);
     500          confirm_success= send_confirm_cmode(incoming_pdu, r_key, r_entry, incoming_pdu->get_nli());
    504501        }
    505502      }
     
    656653               
    657654  // send Confirm if one was requested
    658   // Now look if we were requested to send a confirm           
     655  // Now check if other side solicited a confirm               
    659656  if (incoming_pdu->get_R())
    660657  {
    661     if (r_entry->is_dmode())
     658    if (r_entry->is_dmode() && !r_entry->is_ma_reuse_requested(incoming_pdu->get_nli()))
    662659    {
    663660      DLog(param.name, "Sending back confirm in D-Mode");
    664       send_confirm_dmode(incoming_pdu, r_key, r_entry);
     661      send_confirm_dmode(incoming_pdu, r_key, r_entry, incoming_pdu->get_nli());
    665662    }
    666663    else
     
    668665      if (r_entry->is_secure())
    669666      {
    670         send_confirm_cmode(incoming_pdu, r_key, r_entry);
     667        send_confirm_cmode(incoming_pdu, r_key, r_entry, incoming_pdu->get_nli());
    671668        DLog(param.name, "Sending back confirm in TLS secured C-Mode");
    672669      }
    673670      else
    674671      {
    675         send_confirm_cmode(incoming_pdu, r_key, r_entry);
     672        send_confirm_cmode(incoming_pdu, r_key, r_entry, incoming_pdu->get_nli());
    676673        DLog(param.name, "Sending back confirm in unsecure C-Mode");
    677674      }
     
    720717    ERRCLog(param.name, "Handle Response in Established: no valid routing state or routing key given, ignoring");
    721718    return;
    722   }
    723 
    724   // if confirm was request we have to send it back
    725   if (incoming_pdu->get_R()) {
    726 
    727     DLog(param.name, "Established, but however sending back a GIST Confirm, as it was requested");
    728     if (r_entry->is_dmode()) {
    729       send_confirm_dmode(incoming_pdu, r_key, r_entry);
    730     } else {
    731       send_confirm_cmode(incoming_pdu, r_key, r_entry);
    732     }
    733    
    734719  }
    735720
     
    754739    refresh_timeout = r_entry->get_peer_nli()->get_rs_validity_time();
    755740  }
     741
     742  // if confirm was request we have to send it back
     743  if (incoming_pdu->get_R()) {
     744
     745    DLog(param.name, "Established, but however sending back a GIST Confirm, as it was requested");
     746    if ( r_entry->is_dmode() && !r_entry->is_ma_reuse_requested(incoming_pdu->get_nli()) ) {
     747            send_confirm_dmode(incoming_pdu, r_key, r_entry, incoming_pdu->get_nli());
     748    } else {
     749            send_confirm_cmode(incoming_pdu, r_key, r_entry, incoming_pdu->get_nli());
     750    }
     751   
     752  }
     753
    756754  // start Refresh_QNode again
    757755  starttimer(r_key, r_entry, refresh_qnode, 0, randomized(refresh_timeout, gconf.getpar<float>(gistconf_retryfactor)));
     
    803801 * @param r_key -- the routing key specifying the routing entry (may NOT be NULL)
    804802 * @param r_entry -- the routing entry itself (may NOT be NULL)
     803 * @param peer_nli -- the peer to which the confirm should be sent (may NOT be NULL)
    805804 */
    806805void
    807 Statemodule::send_confirm_dmode(const known_ntlp_pdu* pdu, const routingkey* r_key, routingentry* r_entry) {
     806Statemodule::send_confirm_dmode(const known_ntlp_pdu* pdu, const routingkey* r_key, routingentry* r_entry, const nli* peer_nli) {
    808807
    809808  assert(pdu != NULL);
    810809  assert(r_key != NULL);
    811810  assert(r_entry != NULL);
     811  assert(peer_nli != NULL);
    812812
    813813  // construct signaling message
     
    817817  appladdress* target= new appladdress;
    818818  target->set_port(gconf.getpar<uint16>(gistconf_udpport));
    819   const nli* peer_nli = r_entry->is_multicast_QNode() ? pdu->get_nli() : r_entry->get_peer_nli();
    820819  if (!peer_nli) {
    821820    ERRCLog(param.name, "No NLI saved locally for this peer. Cannot proceed.");
     
    860859 * @param r_key -- the routing key specifying the routing entry (may NOT be NULL)
    861860 * @param r_entry -- the routing entry itself (may NOT be NULL)
     861 * @param peer_nli -- the peer to which the confirm should be sent (may NOT be NULL)
    862862 * @return returns false if a failure occured, true if confirm was issued at least
    863863 */
    864864bool
    865 Statemodule::send_confirm_cmode(const known_ntlp_pdu* pdu, const routingkey* r_key, routingentry* r_entry)
     865Statemodule::send_confirm_cmode(const known_ntlp_pdu* pdu, const routingkey* r_key, routingentry* r_entry, const nli* peer_nli)
    866866{
    867867  assert(pdu != NULL);
    868868  assert(r_key != NULL);
    869869  assert(r_entry != NULL);
     870  assert(peer_nli != NULL);
    870871
    871872  // construct signaling message
     
    873874  sigmsg->set_local_addr(r_entry->get_local_src()->copy());
    874875
     876  bool use_existing_ma= false;
    875877  appladdress* target = NULL;
    876878  // construct target address for sending back any error messages
    877879  appladdress*  errortarget= new appladdress;
    878880  errortarget->set_port( gconf.getpar<uint16>(gistconf_udpport) );
    879   const nli* peer_nli = r_entry->is_multicast_QNode() ? pdu->get_nli() : r_entry->get_peer_nli();
    880881  if (!peer_nli) {
    881882    ERRCLog(param.name, "No NLI saved locally for this peer. Cannot proceed.");
     
    885886  errortarget->set_protocol(param.udp);
    886887
    887   bool ma_reuse= false;
    888 
    889888  if (pdu->get_stackprop() && pdu->get_stackconf())
    890   {
     889  { // if stack proposal and stack configuration data were present
    891890    // construct target address
    892     target= cap.get_address(pdu->get_stackprop(), pdu->get_stackconf(), peer_nli->copy(), r_entry->is_secure());
     891    target= cap.get_address(pdu->get_stackprop(), pdu->get_stackconf(), peer_nli, r_entry->is_secure());
    893892    if (target == NULL || target->get_port() == 0)
    894893    {
     
    901900    // no stack proposal and stuff, this could be the case for receiving responses sent over existing MAs for MA re-use
    902901    // state may already have been changed to established before calling this method
    903     if (r_entry->is_cmode() &&
     902    if ( (r_entry->is_cmode() || r_entry->is_ma_reuse_requested(peer_nli)) &&
    904903        (r_entry->get_state() == qn_awaiting_response || r_entry->get_state() == qn_awaiting_refresh ||
    905904         r_entry->get_state() == qn_established) )
     
    909908      if (target == NULL)
    910909      {
    911         ERRCLog(param.name, "No existing MA found and no Stack proposal/config given, cannot figure out where to send Confirm in C-Mode.");
    912 
    913         // send back missing object error
    914         senderror(pdu, errortarget, GIST_Error::error_gist_missing_object, known_ntlp_object::StackProposal);
    915 
    916         return false;
     910              ERRCLog(param.name, "No existing MA found and no Stack proposal/config given, cannot figure out where to send Confirm in C-Mode. This is probably an internal error.");
     911              // this should actually not happen as we have gotten the response via an existing MA
     912
     913              // MA re-use not possible
     914              r_entry->set_ma_reuse_requested(peer_nli,false);
     915              // send back missing object error
     916              senderror(pdu, errortarget, GIST_Error::error_gist_missing_object, known_ntlp_object::StackProposal);
     917             
     918              return false;
    917919      }
    918920      else
    919921      {
    920         ma_reuse= true;
     922              use_existing_ma= true;
    921923      }
    922924    }
     
    933935
    934936  // if we need to set up a new MA, we must have a responder cookie
    935   if (ma_reuse == false)
     937  if (!use_existing_ma)
    936938  {
    937939    if ( !pdu->get_respcookie())
     
    961963  // but this is only required for the very first confirmation message during
    962964  // initial MA setup
    963   stack_conf_data* mysc = (ma_reuse == false)  ? new stack_conf_data(gconf.getpar<uint32>(gistconf_ma_hold_time)) : NULL;
     965  stack_conf_data* mysc = (use_existing_ma == false)  ? new stack_conf_data(gconf.getpar<uint32>(gistconf_ma_hold_time)) : NULL;
    964966   
    965967  // echo responder cookie
  • ntlp/branches/20090723-multicast/src/ntlp_statemodule_responder.cpp

    r4312 r4485  
    320320
    321321  // we must use the original NLI from the query since the one in Confirm is untranslated
    322  
     322  // the NLI is contained in the Responder Cookie then
    323323  nli* translated_nli= echoed_resp_cookie ? echoed_resp_cookie->get_nli() : NULL;
    324324  // peer_nli is the NLI for responder cookie verification
     
    335335    if (gconf.getpar<bool>(gistconf_verbose_error_responses))
    336336      senderror(cnfpdu, peer, GIST_Error::error_gist_invalid_rcookie);
     337
     338    delete translated_nli;
    337339
    338340    accept= false;
     
    356358                  WLog(param.name,"Translated NLI differs between initial query and routing state entry");
    357359          }
     360          // translated_nli is not required anymore
    358361          delete translated_nli;
    359362         
     
    361364          // if we require security we have only secure protocols in the proposal
    362365          // we must check with the peers policy though
    363     if (echoed_resp_proposal)
    364     {
    365       // verify stack proposal
    366       DLog(param.name, "GIST Confirm included Stack Proposal, validating");
    367       if ( cap.accept_proposal(echoed_resp_proposal, auth_peer_db.get_policy(*peer).secure_ma) == false )
    368       {
    369         ERRLog(param.name, color[red] << "Echoed stack proposal validation failed - MA not accepted" << color[off]);
    370 
    371         // At the end of Sec 5.7.1 it is required that the "MA" must be torn down
    372         // Now send a SigTrm to Signaling to tear down TPoverTCP (or whatever else)
    373         SignalingMsgNTLP* sigmsg = new SignalingMsgNTLP;
    374         sigmsg->set_local_addr(r_entry->get_local_src()->copy());
    375         sigmsg->set_trm(peer->copy());     
    376         sigmsg->send_or_delete();
     366          if (echoed_resp_proposal)
     367          {
     368                  // verify stack proposal
     369                  DLog(param.name, "GIST Confirm included Stack Proposal, validating");
     370                  if ( cap.accept_proposal(echoed_resp_proposal, auth_peer_db.get_policy(*peer).secure_ma) == false )
     371                  {
     372                          ERRLog(param.name, color[red] << "Echoed stack proposal validation failed - MA not accepted" << color[off]);
     373
     374                          // At the end of Sec 5.7.1 it is required that the "MA" must be torn down
     375                          // Now send a SigTrm to Signaling to tear down TPoverTCP (or whatever else)
     376                          SignalingMsgNTLP* sigmsg = new SignalingMsgNTLP;
     377                          sigmsg->set_local_addr(r_entry->get_local_src()->copy());
     378                          sigmsg->set_trm(peer->copy());           
     379                          sigmsg->send_or_delete();
    377380       
    378         delete r_entry;
    379         return;
    380       }
    381       else
    382       {
    383         // proposal accepted
    384         // the following must be checked for C-mode now:
    385         // is the CONFIRM coming via a transport connection which matches
    386         // our transfer attributes? It should not accept a TCP connection
    387         // if we requested only secure protocols
    388        
    389         // if we requested secure protocols the echoed proposal only contains
    390         // secure protocols in its profile
    391         bool secure_ma_requested= cap.accept_proposal(echoed_resp_proposal, true);
    392         if (secure_ma_requested)
    393         {
    394                 r_entry->set_secure(true);
    395         }
    396 
    397         // since either no secure MA was requested or at least a stack proposal was present,
    398         // we have reliable MA at least
    399         r_entry->set_cmode();
    400       } // end proposal accepted
    401     } // endif echoed stack proposal present
    402 
    403     // Here we verify C/D-Mode and security requirements
    404     if ( r_entry->is_secure() && cap.is_secure(peer)==false )
    405     {
    406       // Confirm came over non-secure connection
    407       ERRLog(param.name, color[red] << "Confirm came via non-secure connection although we required it - MA not acceptable, terminating" << color[off]);     
    408       // At the end of Sec 5.7.1 it is required that the "MA" must be torn down
    409       // Now send a SigTrm to Signaling to tear down TPoverTCP (or whatever else)
    410       SignalingMsgNTLP* sigmsg = new SignalingMsgNTLP;
    411       sigmsg->set_local_addr(r_entry->get_local_src()->copy());
    412       sigmsg->set_trm(peer->copy());       
    413       sigmsg->send_or_delete();
    414 
    415       delete r_entry;
    416       return;
    417     }
    418 
    419     // Freshen NLI
    420     // check for valid source addresses
    421     if (cnfpdu->get_nli())
    422     {
    423       if (cnfpdu->get_nli()->get_if_address().is_bogus_source())
    424       {
    425         ERRCLog(param.name,"Source address passed in the NLI is not usable (e.g. localhost, multicast, broadcast, etc.)");
    426         senderror(cnfpdu, peer, GIST_Error::error_gist_value_not_supported, known_ntlp_object::NLI, cnfpdu->get_nli());
    427 
    428         delete r_entry;
    429         return;
    430       }
    431       r_entry->set_peer_nli(cnfpdu->get_nli());
    432 
    433       // check for new SII handle and update it
    434       uint32 old_sii_handle=  r_entry->get_sii_handle();
    435       r_entry->set_sii_handle(param.rt.generate_sii_handle(cnfpdu->get_nli()));
    436       if (r_entry->get_sii_handle() != old_sii_handle)
    437       {
    438         ERRLog(param.name, "Consistency check failure for SII handle: SII handle did change for Confirm old: "
    439               << old_sii_handle << " new: " << r_entry->get_sii_handle());
    440       }
    441     }
    442     else
    443     { // this should probably catched earlier during parsing?
    444       ERRCLog(param.name, "NLI missing in Confirm!");
    445      
    446       // we are polite and send back an error to the misbehaving peer
    447       // since we already ensured by the responder cookie that this is not a blind attacker
    448       // chances are high that this is a broken implementation and not an adversary
    449       if (gconf.getpar<bool>(gistconf_verbose_error_responses))
    450         senderror(cnfpdu, peer, GIST_Error::error_gist_missing_object, known_ntlp_object::NLI);
    451     }
     381                          delete r_entry;
     382                          return;
     383                  }
     384                  else
     385                  {
     386                          // proposal accepted
     387                          // the following must be checked for C-mode now:
     388                          // is the CONFIRM coming via a transport connection which matches
     389                          // our transfer attributes? It should not accept a TCP connection
     390                          // if we requested only secure protocols
     391                         
     392                          // if we requested secure protocols the echoed proposal only contains
     393                          // secure protocols in its profile
     394                          bool secure_ma_requested= cap.accept_proposal(echoed_resp_proposal, true);
     395                          if (secure_ma_requested)
     396                          {
     397                                  r_entry->set_secure(true);
     398                          }
     399
     400                          // since either no secure MA was requested or at least a stack proposal was present,
     401                          // we have reliable MA at least
     402                          r_entry->set_cmode();
     403                  } // end proposal accepted
     404          } // endif echoed stack proposal present
     405
     406          // Here we verify C/D-Mode and security requirements
     407          if ( r_entry->is_secure() && cap.is_secure(peer)==false )
     408          {
     409                  // Confirm came over non-secure connection
     410                  ERRLog(param.name, color[red] << "Confirm came via non-secure connection although we required it - MA not acceptable, terminating" << color[off]);     
     411                  // At the end of Sec 5.7.1 it is required that the "MA" must be torn down
     412                  // Now send a SigTrm to Signaling to tear down TPoverTCP (or whatever else)
     413                  SignalingMsgNTLP* sigmsg = new SignalingMsgNTLP;
     414                  sigmsg->set_local_addr(r_entry->get_local_src()->copy());
     415                  sigmsg->set_trm(peer->copy());           
     416                  sigmsg->send_or_delete();
     417                 
     418                  delete r_entry;
     419                  return;
     420          }
     421
     422          // Freshen NLI
     423          // check for valid source addresses
     424          if (cnfpdu->get_nli())
     425          {
     426                  if (cnfpdu->get_nli()->get_if_address().is_bogus_source())
     427                  {
     428                          ERRCLog(param.name,"Source address passed in the NLI is not usable (e.g. localhost, multicast, broadcast, etc.)");
     429                          senderror(cnfpdu, peer, GIST_Error::error_gist_value_not_supported, known_ntlp_object::NLI, cnfpdu->get_nli());
     430                         
     431                          delete r_entry;
     432                          return;
     433                  }
     434                  r_entry->set_peer_nli(cnfpdu->get_nli());
     435                 
     436                  // check for new SII handle and update it
     437                  uint32 old_sii_handle=  r_entry->get_sii_handle();
     438                  r_entry->set_sii_handle(param.rt.generate_sii_handle(cnfpdu->get_nli()));
     439                  if (r_entry->get_sii_handle() != old_sii_handle)
     440                  {
     441                          ERRLog(param.name, "Consistency check failure for SII handle: SII handle did change for Confirm old: "
     442                                << old_sii_handle << " new: " << r_entry->get_sii_handle());
     443                  }
     444          }
     445          else
     446          { // this should probably catched earlier during parsing?
     447                  ERRCLog(param.name, "NLI missing in Confirm!");
     448                 
     449                  // we are polite and send back an error to the misbehaving peer
     450                  // since we already ensured by the responder cookie that this is not a blind attacker
     451                  // chances are high that this is a broken implementation and not an adversary
     452                  if (gconf.getpar<bool>(gistconf_verbose_error_responses))
     453                          senderror(cnfpdu, peer, GIST_Error::error_gist_missing_object, known_ntlp_object::NLI);
     454          }
    452455   
    453     // disposal of saved responder data
    454     r_entry->set_mod_data(NULL);
     456          // disposal of saved responder data
     457          r_entry->set_mod_data(NULL);
    455458   
    456     // set up C-Mode if proposal came via an MA (C-Mode setup requires that confirm is sent over MA)
    457     if (r_entry->is_cmode())
    458     {
    459       // we do accept if stackprop is contained and is acceptable
    460       if (echoed_resp_proposal)
    461       {
    462         if (cap.accept_proposal(echoed_resp_proposal))
    463         {
    464                 param.rt.add_ma(r_entry->get_peer_nli()->copy(), *peer, r_entry->get_ma_hold_time(), true);
    465                 DLog(param.name, color[green] << "State setup in C-Mode");
    466                 if (r_entry->is_secure()) DLog(param.name, "Security is set for this connection");
    467         }
    468         else
    469         {
    470           ERRLog(param.name, color[red] << "Stack proposal validation failed - MA not accepted");
    471 
    472           accept = false;
    473 
    474           // we must close the MA
    475           // At the end of Sec 5.7.1 it is required that the "MA" must be torn down
    476           // Now send a SigTrm to Signaling to tear down TPoverTCP (or whatever else)
    477           SignalingMsgNTLP* sigmsg = new SignalingMsgNTLP;
    478           sigmsg->set_local_addr(r_entry->get_local_src()->copy());
    479           sigmsg->set_trm(peer->copy());           
    480           sigmsg->send_or_delete();
    481         }
    482       }
    483       else
    484       {
    485         // should be ok if we sent the response back via a suitable MA and the confirm comes back
    486         DLog(param.name, color[green] << "State setup in C-Mode, MA re-use (no stack proposal in Confirm present)");
    487       }
    488     } // endif set up C-Mode
    489   }
     459          // set up C-Mode if proposal came via an MA (C-Mode setup requires that confirm is sent over MA)
     460          if (r_entry->is_cmode())
     461          {
     462                  // we do accept if stackprop is contained and is acceptable
     463                  if (echoed_resp_proposal)
     464                  {
     465                          if (cap.accept_proposal(echoed_resp_proposal))
     466                          {
     467                                  param.rt.add_ma(r_entry->get_peer_nli()->copy(), *peer, r_entry->get_ma_hold_time(), true);
     468                                  DLog(param.name, color[green] << "State setup in C-Mode");
     469                                  if (r_entry->is_secure()) DLog(param.name, "Security is set for this connection");
     470                          }
     471                          else
     472                          {
     473                                  ERRLog(param.name, color[red] << "Stack proposal validation failed - MA not accepted");
     474                                 
     475                                  accept = false;
     476                                 
     477                                  // we must close the MA
     478                                  // At the end of Sec 5.7.1 it is required that the "MA" must be torn down
     479                                  // Now send a SigTrm to Signaling to tear down TPoverTCP (or whatever else)
     480                                  SignalingMsgNTLP* sigmsg = new SignalingMsgNTLP;
     481                                  sigmsg->set_local_addr(r_entry->get_local_src()->copy());
     482                                  sigmsg->set_trm(peer->copy());           
     483                                  sigmsg->send_or_delete();
     484                          }
     485                  }
     486                  else
     487                  {
     488                          // should be ok if we sent the response back via a suitable MA and the confirm comes back
     489                          DLog(param.name, color[green] << "State setup in C-Mode, MA re-use (no stack proposal in Confirm present)");
     490                  }
     491          } // endif set up C-Mode
     492  } // end else responder cookie OK
    490493
    491494  if (accept)
    492495  {
    493     // stop NoConfirm timer, restart it as expire_rnode timer (implicit, they are running on the same slot)
    494     // start Expire_RNode timer
     496          // stop NoConfirm timer, restart it as expire_rnode timer (implicit, they are running on the same slot)
     497          // start Expire_RNode timer
    495498          starttimer(r_key, r_entry, expire_rnode, 0, r_entry->get_rs_validity_time());
    496 
    497     // put in state "rn_established"
    498     DLog(param.name, color[green] << "State installed: rn_awaiting_confirm -> rn_established");
    499    
    500     r_entry->set_state(rn_established);
    501    
    502     // notify application about this event
    503     networknotification(r_key, r_entry, APIMsg::route_changed_status_good, false);
    504    
    505     sendqueue(r_key, r_entry);
     499         
     500          // put in state "rn_established"
     501          DLog(param.name, color[green] << "State installed: rn_awaiting_confirm -> rn_established");
     502         
     503          r_entry->set_state(rn_established);
     504         
     505          // notify application about this event
     506          networknotification(r_key, r_entry, APIMsg::route_changed_status_good, false);
     507         
     508          sendqueue(r_key, r_entry);
    506509  }
    507510  else
    508511  {
    509     // if we do nothing a timeout will erase the routing state sometime
    510     // the best thing now is to do invalidate the message routing state
    511     ERRLog(param.name, color[red] << "State not installed.");
    512 
    513     param.rt.invalidate_routing_state(cnfpdu->get_mri()->copy(), cnfpdu->get_nslpid(), APIMsg::bad, false);
     512          // if we do nothing a timeout will erase the routing state sometime
     513          // the best thing now is to do invalidate the message routing state
     514          ERRLog(param.name, color[red] << "State not installed.");
     515         
     516          param.rt.invalidate_routing_state(cnfpdu->get_mri()->copy(), cnfpdu->get_nslpid(), APIMsg::bad, false);
    514517  }
    515518}
  • ntlp/branches/20090723-multicast/src/pdu/confirm.cpp

    r4245 r4485  
    254254    }
    255255
     256    if ((state==wait_stackprop) && (o->is_stackconf())) {
     257        state = deser_done;
     258        // missing object error
     259        // stack conf cannot be sent without a stack proposal
     260        errorlist.put(new GIST_MissingObject(protocol_v1, Confirm, known_ntlp_object::StackProposal));
     261        return true;
     262    }
     263
    256264    if ((state==wait_stackprop) && (!(o->is_stackprop()))) return false;
    257 
    258265
    259266   if ((state==wait_nslpdata) && (o->is_nslpdata())) {
  • ntlp/branches/20090723-multicast/src/routingentry.cpp

    r4462 r4485  
    5050uint32 routingentry::get_retry_period() { return gconf.getpar<uint32>(gistconf_retryperiod); }
    5151
     52bool
     53routingentry::is_ma_reuse_requested(const nli* nli) const
     54{
     55  bool rv = ma_reuse;
     56  if (is_multicast_QNode()) {
     57    if (nli == NULL) {
     58      ERRCLog("routingentry", "is_ma_reuse_requested() called for a multicast QNode, but no NLI given. This should never happen!");
     59    } else {
     60      mcast_peer_list_t::const_iterator it = multicast_peers.find(*nli);
     61      if (it == multicast_peers.end()) {
     62        ERRCLog("routingentry", "is_ma_reuse_requested(): given peer not found in multicast peer list. This should never happen!");
     63      } else {
     64        rv= it->second.ma_reuse;
     65      }
     66    }
     67  }
     68  if (nli == NULL)
     69    DLog("routingentry", "is_ma_reuse_requested() returns " << rv);
     70  else
     71    DLog("routingentry", "is_ma_reuse_requested(" << nli->get_if_address() << ") returns " << rv);
     72  return rv;
     73}
     74
     75void
     76routingentry::set_ma_reuse_requested(const nli* nli, bool reuse_ma)
     77{
     78  if (is_multicast_QNode()) {
     79    if (nli == NULL) {
     80      ERRCLog("routingentry", "set_ma_reuse_requested() called for a multicast QNode, but no NLI given. This should never happen!");
     81      ma_reuse = reuse_ma;
     82    } else {
     83      mcast_peer_list_t::iterator it = multicast_peers.find(*nli);
     84      if (it == multicast_peers.end()) {
     85        ERRCLog("routingentry", "is_ma_reuse_requested(): given peer not found in multicast peer list. This should never happen!");
     86        ma_reuse= reuse_ma;
     87      } else {
     88        it->second.ma_reuse = reuse_ma;
     89      }
     90    }
     91  } else {
     92    ma_reuse = reuse_ma;
     93  }
     94}
     95
    5296string
    5397routingentry::to_string() const
     
    74118    for (mcast_peer_it = multicast_peers.begin(); mcast_peer_it != multicast_peers.end(); mcast_peer_it++) {
    75119      os << std::endl << "  Multicast peer " << mcast_peer_it->first.get_if_address()
    76                       << ": " << mcast_peer_it->second.response_miss_allow_count << " missing responses allowed";
     120                      << ": " << mcast_peer_it->second.response_miss_allow_count << " missing responses allowed, MA re-use: "
     121                      << mcast_peer_it->second.ma_reuse;
    77122    }
    78123  }
     
    99144    multicast_peerstatus status;
    100145    status.response_miss_allow_count = get_max_response_miss_count();
     146    status.ma_reuse = false;
    101147    multicast_peers[*peer] = status;
    102148    DLog("MulticastQN", "Multicast peer " << peer->get_if_address() << " added and marked active (allowed to miss "
  • ntlp/branches/20090723-multicast/src/routingentry.h

    r4462 r4485  
    121121struct multicast_peerstatus {
    122122  uint32 response_miss_allow_count;
     123  bool ma_reuse;
    123124};
    124125
     
    155156          peer_nli(n.peer_nli ? n.peer_nli->copy() : NULL),
    156157          is_multicast_querier(n.is_multicast_querier),
     158          ma_reuse(false),
    157159          local_src(n.local_src ? n.local_src->copy() : NULL),
    158160          state(n.state),
     
    212214        bool is_cmode() const { return !dmode; }
    213215
     216        bool is_ma_reuse_requested(const nli* nli= NULL) const;
     217        void set_ma_reuse_requested(const nli* nli= NULL, bool reuse_ma= true);
     218
    214219        void set_secure(bool securereq= true) { secure= securereq; }
    215220        bool is_secure() const { return secure; }
     
    373378  mcast_peer_list_t multicast_peers;
    374379
     380  // MA re-use requested by peer (unicast only)
     381  bool ma_reuse;
     382
    375383  // The local address that was used as source to create this entry
    376384  hostaddress *local_src;
     
    458466    peer_nli(NULL),
    459467    is_multicast_querier(false),
     468    ma_reuse(false),
    460469    local_src(NULL),
    461470    state(initial),
Note: See TracChangeset for help on using the changeset viewer.